@jslarraz thanks for the reply.
Trippy on Linux only requires CAP_NET_RAW. I understand that, when run as a snap, this means that it needs both the (existing) network_observe plug and to have CAP_NET_RAW. This is for the reason @James-Carroll gave in the thread, i.e. “The (lack of) interfaces remove permissions, but adding interfaces can’t grant them”.
The question therefore is how can a snap be given CAP_NET_RAW other than running it as sudo? My understanding (backed up by my experiment here) is that the “traditional” ways of giving the executable CAP_NET_RAW do not work with snap.
If so, and therefore if sudo is required (which was the conclusion from the prior thread) then the solution of using home: read: all was deemed as being the best option. I fully agree it is an ugly workaround and in fact not even a complete workaround (i.e. doesn’t work for hidden files and directories).
Do you know of a method of giving trippy CAP_NET_RAW that will work with snap? If so I’d be keen to explore that option.
Thanks.